<?php

session_start();


include 'dbHandler.php';

if(isset($_POST['ben']) && isset($_POST['pwd'])){
    
    $query = "SELECT ADRESSEN.ID_ADRESSE FROM ADRESSEN JOIN USERS ON "
            . "ADRESSEN.ID_ADRESSE = USERS.ID_ADRESSE WHERE "
            . "(((EMAIL_PRIVAT = '".stripcslashes($_POST['ben'])."' "
            . "AND LOGIN_MAIL_PIVATE = TRUE) OR "
            . "(EMAIL_GESCHAEFT = '".stripcslashes($_POST['ben'])."' "
            . "AND LOGIN_MAIL_PIVATE = FALSE)) "
            . "AND PASSWORD = ('".stripcslashes($_POST['pwd'])."')) "
            . "AND ADRESSEN.SYS_DELETED = FALSE AND "
            . "USERS.SYS_DELETED = FALSE;";
    
    $res = dbAbfrage($query);
    
    $dsatz = mysql_fetch_assoc($res);
    
    
    if(mysql_num_rows($res)==1){
        $_SESSION['Eingeloggt'] = TRUE;
        $_SESSION['USER'] = $dsatz['ID_ADRESSE'];
        
        $query = "UPDATE USERS SET LAST_LOGIN = now() "
                . "WHERE ID_USER = ".$dsatz['ID_ADRESSE'].";";
        
        dbInsert($query);
        
        echo TRUE;
    }  else {
        echo FALSE;
    }  
}

?>
